Monday, March 20, 2017

CYBR 650 Week 2 - Credible Sources for Information Security

With any type of research, it is critical to have references in your arsenal to ensure the information is complete, accurate, and comes from a reputable source. Threat modeling is no different, and some of my favorites for reporting on threats, vulnerabilities, updates, and security news are listed below:

  1. SOPHOS’ nakedsecurity - http://nakedsecurity.sophos.com/ - I use this site a lot because it covers security for a variety of platforms, most notably Macs. I am a Mac user myself, and it is beneficial to have someone on the IT staff who can provide expertise in this area. Despite popular belief, Apple products are not immune to attacks, and this is one website that delivers great information for securing Apple devices. They also provide a section that focuses on vulnerabilities in general at http://nakedsecurity.sophos.com/category/security-threats/vulnerability/.
  2. TechTarget’s SearchSecurity - http://searchsecurity.techtarget.com/resources#parentTopic4 - TechTarget is a great news source for any topic related to IT, but SearchSecurity also includes an area specially designed for information security threats. It covers several types of threats, hacking tools and techniques, security awareness training, and more.
  3. SANS @Risk: The Consensus Security Alert - http://www.sans.org/newsletters/risk/ - This newsletter gives a synopsis of the top vulnerabilities each week, with a complete listing of all new vulnerabilities. While anyone can just browse the archives, subscribers also receive SANS Flash Alerts several times per year.
  4. Forbes - http://www.forbes.com/security/ - Forbes is not just a financial resource anymore. It has expanded its horizons to encompass technology. Security is listed as a sub-topic under technology, and the authors do a great job of keeping up with current security trends.
  5. NIST’s National Vulnerability Database - http://nvd.nist.gov/ - Last but not least, this website hosts the Vulnerability Search Engine to query Common Configuration Enumeration (CCE) or Common Vulnerabilities and Exposures (CVE) entries for any type of software contained in the database. It also has a repository of security checklists based on accepted standards for organizations to use as a benchmark for securing their own systems.


Additionally, CSO Online provides a one-stop-shop dashboard of valuable security tools and information, located at http://www.csoonline.com/article/2926005/techology-business/cso-online-daily-dashboard.html.

While all of these sources have a proven track record for reliability and trustworthiness, experts are not always going to agree. When information conflicts, one course of action is to go with the majority. More knowledgeable individuals can go a step further and use these resources to develop their own analysis.

Sunday, March 19, 2017

CYBR 650 Week 1 - Introduction

Welcome back! For my final class in the Master of Cybersecurity program, our task is to create our own threat process model using Visio to map it out. This blog will follow my efforts.

During some basic research on this topic, I came across Microsoft's SDL Threat Modeling Tool. It requires Visio to run, and it aids in analyzing threats for this particular endeavor. Since I need to have Visio installed anyway, and the SDL Threat Modeling Tool is free, my goal is to incorporate it into the assignments and post evaluations of the tool along the way.

For more information on how to use the SDL Threat Modeling Tool, visit:
https://www.youtube.com/watch?v=iV2SAuTxIUc

To download this tool, visit:
https://www.microsoft.com/en-us/download/details.aspx?id=49168